From 03e98985ea1372d97dbf437ff26d7a6abe536ace Mon Sep 17 00:00:00 2001 
From: TheophileDiot Date: Fri, 2 Dec 2022 15:37:23 +0100 Subject: [PATCH] Migrate more examples and lint --- .../behind-reverse-proxy/docker-compose.yml | 1 - .../certbot-dns-cloudflare/docker-compose.yml | 1 - .../docker-compose.yml | 1 - .../certbot-dns-google/docker-compose.yml | 1 - examples/certbot-dns-ovh/docker-compose.yml | 1 - .../certbot-dns-route53/docker-compose.yml | 1 - examples/docker-configs/docker-compose.yml | 1 - examples/drupal/docker-compose.yml | 4 +- examples/ghost/docker-compose.yml | 1 - examples/hardened/docker-compose.yml | 1 - examples/joomla/docker-compose.yml | 4 +- examples/load-balancer/docker-compose.yml | 1 - examples/magento/docker-compose.yml | 4 +- examples/mattermost/docker-compose.yml | 4 +- examples/mongo-express/docker-compose.yml | 1 - examples/moodle/docker-compose.yml | 4 +- examples/nextcloud/docker-compose.yml | 29 +++--- examples/passbolt/docker-compose.yml | 6 +- examples/php-multisite/docker-compose.yml | 45 +++++++-- examples/php-multisite/setup-autoconf.sh | 2 + examples/php-multisite/setup-docker.sh | 2 + examples/php-multisite/setup-linux.sh | 3 + examples/php-singlesite/docker-compose.yml | 40 +++++++- examples/php-singlesite/setup-docker.sh | 2 + examples/php-singlesite/setup-linux.sh | 3 + examples/prestashop/cleanup-kubernetes.sh | 7 +- examples/prestashop/docker-compose.yml | 92 +++++++++++++----- examples/prestashop/setup-kubernetes.sh | 7 +- examples/prestashop/tests.json | 2 +- examples/proxy-protocol/docker-compose.yml | 49 ++++++++-- examples/radarr/docker-compose.yml | 44 ++++++++- examples/redmine/cleanup-kubernetes.sh | 7 +- examples/redmine/docker-compose.yml | 67 ++++++++++--- examples/redmine/redmine-chart-values.yml | 2 + examples/redmine/setup-kubernetes.sh | 7 +- examples/redmine/tests.json | 2 +- .../docker-compose.yml | 49 ++++++++-- .../docker-compose.yml | 46 ++++++++- .../docker-compose.yml | 44 ++++++++- examples/reverse-proxy-websocket/tests.json | 17 ++++ 
.../reverse-proxy-websocket/tests.json.temp | 19 ---- examples/syslog/docker-compose.yml | 44 +++++++-- examples/syslog/syslog-ng.conf | 15 +++ examples/tomcat/docker-compose.yml | 44 ++++++++- .../tor-hidden-service/docker-compose.yml | 46 ++++++++- .../tor-hidden-service/web-files/index.php | 7 -- .../tor-hidden-service/web-files/js/script.js | 1 - examples/web-ui/docker-compose.yml | 59 ++++++----- examples/wordpress/cleanup-kubernetes.sh | 7 +- examples/wordpress/docker-compose.yml | 97 +++++++++++++------ examples/wordpress/setup-kubernetes.sh | 7 +- 51 files changed, 705 insertions(+), 246 deletions(-) create mode 100644 examples/reverse-proxy-websocket/tests.json delete mode 100644 examples/reverse-proxy-websocket/tests.json.temp create mode 100644 examples/syslog/syslog-ng.conf delete mode 100644 examples/tor-hidden-service/web-files/index.php delete mode 100644 examples/tor-hidden-service/web-files/js/script.js diff --git a/examples/behind-reverse-proxy/docker-compose.yml b/examples/behind-reverse-proxy/docker-compose.yml index a888d7d1e..0549be7c3 100644 --- a/examples/behind-reverse-proxy/docker-compose.yml +++ b/examples/behind-reverse-proxy/docker-compose.yml @@ -70,7 +70,6 @@ services: volumes: bw-data: - networks: bw-universe: ipam: diff --git a/examples/certbot-dns-cloudflare/docker-compose.yml b/examples/certbot-dns-cloudflare/docker-compose.yml index ab5b6d7ae..fa65c1a84 100644 --- a/examples/certbot-dns-cloudflare/docker-compose.yml +++ b/examples/certbot-dns-cloudflare/docker-compose.yml @@ -92,7 +92,6 @@ volumes: bw-data: certs: - networks: bw-universe: ipam: diff --git a/examples/certbot-dns-digitalocean/docker-compose.yml b/examples/certbot-dns-digitalocean/docker-compose.yml index 089d39c84..4a23feedf 100644 --- a/examples/certbot-dns-digitalocean/docker-compose.yml +++ b/examples/certbot-dns-digitalocean/docker-compose.yml @@ -92,7 +92,6 @@ volumes: bw-data: certs: - networks: bw-universe: ipam: 
diff --git a/examples/certbot-dns-google/docker-compose.yml b/examples/certbot-dns-google/docker-compose.yml index 4488d702f..b8d9cdfa4 100644 --- a/examples/certbot-dns-google/docker-compose.yml +++ b/examples/certbot-dns-google/docker-compose.yml @@ -92,7 +92,6 @@ volumes: bw-data: certs: - networks: bw-universe: ipam: diff --git a/examples/certbot-dns-ovh/docker-compose.yml b/examples/certbot-dns-ovh/docker-compose.yml index cbfb936e1..f60f68e7a 100644 --- a/examples/certbot-dns-ovh/docker-compose.yml +++ b/examples/certbot-dns-ovh/docker-compose.yml @@ -92,7 +92,6 @@ volumes: bw-data: certs: - networks: bw-universe: ipam: diff --git a/examples/certbot-dns-route53/docker-compose.yml b/examples/certbot-dns-route53/docker-compose.yml index c62c7f229..a88d99059 100644 --- a/examples/certbot-dns-route53/docker-compose.yml +++ b/examples/certbot-dns-route53/docker-compose.yml @@ -92,7 +92,6 @@ volumes: bw-data: certs: - networks: bw-universe: ipam: diff --git a/examples/docker-configs/docker-compose.yml b/examples/docker-configs/docker-compose.yml index 36d1d333b..c7ed0a2f9 100644 --- a/examples/docker-configs/docker-compose.yml +++ b/examples/docker-configs/docker-compose.yml @@ -96,7 +96,6 @@ services: volumes: bw-data: - networks: bw-universe: ipam: diff --git a/examples/drupal/docker-compose.yml b/examples/drupal/docker-compose.yml index 4cf09b269..6308947da 100644 --- a/examples/drupal/docker-compose.yml +++ b/examples/drupal/docker-compose.yml @@ -1,7 +1,6 @@ version: "3" -x-bunkerweb-env: - &bunkerweb-env +x-bunkerweb-env: &bunkerweb-env DATABASE_URI: "mariadb+pymysql://${DRUPAL_USER:-user}:${DRUPAL_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}" services: @@ -86,7 +85,6 @@ volumes: bw-data: db-data: - networks: bw-universe: ipam: diff --git a/examples/ghost/docker-compose.yml b/examples/ghost/docker-compose.yml index 4cd102700..9e91508f1 100644 --- a/examples/ghost/docker-compose.yml +++ b/examples/ghost/docker-compose.yml 
@@ -65,7 +65,6 @@ services: volumes: bw-data: - networks: bw-universe: ipam: diff --git a/examples/hardened/docker-compose.yml b/examples/hardened/docker-compose.yml index dc1dfcd36..7ace7c523 100644 --- a/examples/hardened/docker-compose.yml +++ b/examples/hardened/docker-compose.yml @@ -73,7 +73,6 @@ services: volumes: bw-data: - networks: bw-universe: ipam: diff --git a/examples/joomla/docker-compose.yml b/examples/joomla/docker-compose.yml index d322c371c..1b1b399f0 100644 --- a/examples/joomla/docker-compose.yml +++ b/examples/joomla/docker-compose.yml @@ -1,7 +1,6 @@ version: "3" -x-bunkerweb-env: - &bunkerweb-env +x-bunkerweb-env: &bunkerweb-env DATABASE_URI: "mariadb+pymysql://${JOOMLA_USER:-user}:${JOOMLA_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}" services: @@ -89,7 +88,6 @@ volumes: bw-data: db-data: - networks: bw-universe: ipam: diff --git a/examples/load-balancer/docker-compose.yml b/examples/load-balancer/docker-compose.yml index 3571bf3be..18fa1488f 100644 --- a/examples/load-balancer/docker-compose.yml +++ b/examples/load-balancer/docker-compose.yml @@ -77,7 +77,6 @@ services: volumes: bw-data: - networks: bw-universe: ipam: diff --git a/examples/magento/docker-compose.yml b/examples/magento/docker-compose.yml index d235ae5b3..4dcbbbc6a 100644 --- a/examples/magento/docker-compose.yml +++ b/examples/magento/docker-compose.yml @@ -1,7 +1,6 @@ version: "3" -x-bunkerweb-env: - &bunkerweb-env +x-bunkerweb-env: &bunkerweb-env DATABASE_URI: "mariadb+pymysql://${MAGENTO_USER:-user}:${MAGENTO_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}" services: @@ -102,7 +101,6 @@ volumes: bw-data: db-data: - networks: bw-universe: ipam: diff --git a/examples/mattermost/docker-compose.yml b/examples/mattermost/docker-compose.yml index e45504e55..1466848f2 100644 --- a/examples/mattermost/docker-compose.yml +++ b/examples/mattermost/docker-compose.yml 
@@ -1,7 +1,6 @@ version: "3" -x-bunkerweb-env: - &bunkerweb-env +x-bunkerweb-env: &bunkerweb-env DATABASE_URI: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/${BUNKERWEB_DATABASE:-bunkerweb}" services: @@ -140,7 +139,6 @@ services: volumes: bw-data: - networks: bw-universe: ipam: diff --git a/examples/mongo-express/docker-compose.yml b/examples/mongo-express/docker-compose.yml index b59e9c9a3..d67ee490b 100644 --- a/examples/mongo-express/docker-compose.yml +++ b/examples/mongo-express/docker-compose.yml @@ -83,7 +83,6 @@ services: volumes: bw-data: - networks: bw-universe: ipam: diff --git a/examples/moodle/docker-compose.yml b/examples/moodle/docker-compose.yml index b94984016..3d7046cef 100644 --- a/examples/moodle/docker-compose.yml +++ b/examples/moodle/docker-compose.yml @@ -1,7 +1,6 @@ version: "3" -x-bunkerweb-env: - &bunkerweb-env +x-bunkerweb-env: &bunkerweb-env DATABASE_URI: "mariadb+pymysql://${MOODLE_USER:-user}:${MOODLE_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}" services: @@ -93,7 +92,6 @@ volumes: bw-data: db-data: - networks: bw-universe: ipam: diff --git a/examples/nextcloud/docker-compose.yml b/examples/nextcloud/docker-compose.yml index e6a770583..90ef7eeeb 100644 --- a/examples/nextcloud/docker-compose.yml +++ b/examples/nextcloud/docker-compose.yml @@ -1,7 +1,6 @@ version: "3" -x-bunkerweb-env: - &bunkerweb-env +x-bunkerweb-env: &bunkerweb-env DATABASE_URI: "mariadb+pymysql://${NEXTCLOUD_USER:-user}:${NEXTCLOUD_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}" services: 
@@ -42,21 +41,21 @@ services: LIMIT_REQ_RATE_3: "5r/s" CUSTOM_CONF_MODSEC_CRS_nextcloud: "\ SecAction \ - \"id:900130,\ - phase:1,\ - nolog,\ - pass,\ - t:none,\ - setvar:tx.crs_exclusions_nextcloud=1\" + \"id:900130,\ + phase:1,\ + nolog,\ + pass,\ + t:none,\ + setvar:tx.crs_exclusions_nextcloud=1\" # WebDAV SecAction \ - \"id:900200,\ - phase:1,\ - nolog,\ - pass,\ - t:none,\ - setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\"" + \"id:900200,\ + phase:1,\ + nolog,\ + pass,\ + t:none,\ + setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\"" CUSTOM_CONF_MODSEC_nextcloud: "\ SecRule REQUEST_FILENAME \"@rx ^/remote.php/dav/files/\" \"id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog\"" labels: @@ -64,7 +63,7 @@ services: networks: - bw-universe - bw-services - + bw-scheduler: image: bunkerity/bunkerweb-scheduler:1.5.0 depends_on: diff --git a/examples/passbolt/docker-compose.yml b/examples/passbolt/docker-compose.yml index e2e721be0..0ece685ba 100644 --- a/examples/passbolt/docker-compose.yml +++ b/examples/passbolt/docker-compose.yml @@ -1,7 +1,6 @@ version: "3" -x-bunkerweb-env: - &bunkerweb-env +x-bunkerweb-env: &bunkerweb-env DATABASE_URI: "mariadb+pymysql://${PASSBOLT_USER:-user}:${PASSBOLT_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}" services: @@ -86,7 +85,7 @@ services: "0", "mydb:3306", "--", - "/docker-entrypoint.sh" + "/docker-entrypoint.sh", ] networks: - bw-services @@ -108,7 +107,6 @@ volumes: db-data: bw-data: - networks: bw-universe: ipam: diff --git a/examples/php-multisite/docker-compose.yml b/examples/php-multisite/docker-compose.yml index e07bf253a..5614eaa9d 100644 --- a/examples/php-multisite/docker-compose.yml +++ b/examples/php-multisite/docker-compose.yml 
@@ -2,7 +2,7 @@ version: "3" services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 @@ -16,6 +16,7 @@ services: - ./bw-data:/data # contains web files (PHP, assets, ...), don't forget to rename the subfolders environment: - SERVER_NAME=app1.example.com app2.example.com # replace with your domains + - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 - MULTISITE=yes - AUTO_LETS_ENCRYPT=yes - DISABLE_DEFAULT_SERVER=yes @@ -25,9 +26,33 @@ services: - app1.example.com_REMOTE_PHP_PATH=/app - app2.example.com_REMOTE_PHP=myapp2 - app2.example.com_REMOTE_PHP_PATH=/app + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container networks: - - net_app1 - - net_app2 + - bw-universe + - net-app1 + - net-app2 + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - ./bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker myapp1: image: php:fpm @@ -38,7 +63,7 @@ services: volumes: - ./bw-data/www/app1.example.com:/app # folder containing PHP app1 (don't forget to rename it) networks: - - net_app1 + - net-app1 myapp2: image: php:fpm @@ -49,8 +74,14 @@ services: volumes: - ./bw-data/www/app2.example.com:/app # folder containing PHP app2 (don't forget to rename it) networks: - - net_app2 + - net-app2 networks: - net_app1: - net_app2: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + net-docker: + net-app1: + net-app2: diff --git a/examples/php-multisite/setup-autoconf.sh b/examples/php-multisite/setup-autoconf.sh index 8bc8b988a..b777f182a 100755 --- a/examples/php-multisite/setup-autoconf.sh +++ b/examples/php-multisite/setup-autoconf.sh 
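Review bot: The new `docker-proxy` service in examples/php-multisite/docker-compose.yml (hunk `@@ -25,9 +26,33 @@`) pulls `tecnativa/docker-socket-proxy` with no tag, so the one container that mounts `/var/run/docker.sock` tracks whatever `latest` is at pull time, while the BunkerWeb images beside it are pinned to `1.5.0`. Pin it the same way, e.g. `image: tecnativa/docker-socket-proxy:<pinned-tag>` or a digest, and document the allow-list above `CONTAINERS=1` with something like `# grants the scheduler the containers API section only; leave the other sections at their defaults`. The `:ro` flag on the socket bind mount does not restrict what can be sent over the socket, so the proxy's allow-list is the effective control. The same untagged service is added in the php-singlesite, prestashop, proxy-protocol, radarr, redmine, reverse-proxy-multisite and reverse-proxy-singlesite compose files.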
@@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then exit 1 fi +chown -R root:101 bw-data +chmod -R 770 bw-data chown -R 33:101 ./bw-data/www find ./bw-data/www -type f -exec chmod 0640 {} \; find ./bw-data/www -type d -exec chmod 0750 {} \; diff --git a/examples/php-multisite/setup-docker.sh b/examples/php-multisite/setup-docker.sh index 8bc8b988a..b777f182a 100755 --- a/examples/php-multisite/setup-docker.sh +++ b/examples/php-multisite/setup-docker.sh @@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then exit 1 fi +chown -R root:101 bw-data +chmod -R 770 bw-data chown -R 33:101 ./bw-data/www find ./bw-data/www -type f -exec chmod 0640 {} \; find ./bw-data/www -type d -exec chmod 0750 {} \; diff --git a/examples/php-multisite/setup-linux.sh b/examples/php-multisite/setup-linux.sh index d42751150..2d5d22d18 100755 --- a/examples/php-multisite/setup-linux.sh +++ b/examples/php-multisite/setup-linux.sh @@ -13,6 +13,9 @@ else echo "❌ No PHP user found" exit 1 fi + +chown -R root:101 bw-data +chmod -R 770 bw-data cp -r ./bw-data/www/* /var/www/html chown -R $user:nginx /var/www/html find /var/www/html -type f -exec chmod 0640 {} \; diff --git a/examples/php-singlesite/docker-compose.yml b/examples/php-singlesite/docker-compose.yml index c6a2a7bff..405fcbf5a 100644 --- a/examples/php-singlesite/docker-compose.yml +++ b/examples/php-singlesite/docker-compose.yml @@ -2,7 +2,7 @@ version: "3" services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 
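Review bot: `chmod -R 770 bw-data` in examples/php-multisite/setup-autoconf.sh sets the execute bit and group write on every regular file under bw-data, not only on directories; the `find` lines that follow reset `./bw-data/www` only, so everything else in the tree stays at 770. `chmod -R u=rwX,g=rwX,o= bw-data` gives the same directory access without marking data files executable. The identical two added lines appear in php-multisite/setup-docker.sh and php-singlesite/setup-docker.sh. The start of the script, including most of its root check, is outside the hunk.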
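Review bot: In examples/php-multisite/setup-linux.sh the added `chown -R root:101 bw-data` uses the numeric GID 101 on the host, while the next lines of the same script refer to the group by name (`chown -R $user:nginx /var/www/html`); on a host install GID 101 is whichever group the distribution gave that number, which may not be nginx. If the intent is to give the nginx group access, `chown -R root:nginx bw-data` matches the rest of the script. The script then copies `./bw-data/www/*` to `/var/www/html` and fixes ownership there, so a short comment saying why bw-data itself needs these permissions on a Linux install would help. php-singlesite/setup-linux.sh gets the same two lines; the start of the script is outside the hunk.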
@@ -16,12 +16,39 @@ services: - ./bw-data:/data # contains web files (PHP, assets, ...) environment: - SERVER_NAME=www.example.com # replace with your domain + - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 - AUTO_LETS_ENCRYPT=yes - DISABLE_DEFAULT_SERVER=yes - USE_CLIENT_CACHE=yes - USE_GZIP=yes - REMOTE_PHP=myphp - REMOTE_PHP_PATH=/app + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container + networks: + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - ./bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker myphp: image: php:fpm @@ -31,3 +58,14 @@ services: # example : chown -R 33:101 ./bw-data/www && find ./bw-data/www -type f -exec chmod 0640 {} \; && find ./bw-data/www -type d -exec chmod 0750 {} \; volumes: - ./bw-data/www:/app # folder containing PHP app + networks: + - bw-services + +networks: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + net-docker: diff --git a/examples/php-singlesite/setup-docker.sh b/examples/php-singlesite/setup-docker.sh index 8bc8b988a..b777f182a 100755 --- a/examples/php-singlesite/setup-docker.sh +++ b/examples/php-singlesite/setup-docker.sh @@ -5,6 +5,8 @@ if [ $(id -u) -ne 0 ] ; then exit 1 fi +chown -R root:101 bw-data +chmod -R 770 bw-data chown -R 33:101 ./bw-data/www find ./bw-data/www -type f -exec chmod 0640 {} \; find ./bw-data/www -type d -exec chmod 0750 {} \; diff --git a/examples/php-singlesite/setup-linux.sh b/examples/php-singlesite/setup-linux.sh index d42751150..2d5d22d18 100755 --- a/examples/php-singlesite/setup-linux.sh +++ b/examples/php-singlesite/setup-linux.sh 
@@ -13,6 +13,9 @@ else echo "❌ No PHP user found" exit 1 fi + +chown -R root:101 bw-data +chmod -R 770 bw-data cp -r ./bw-data/www/* /var/www/html chown -R $user:nginx /var/www/html find /var/www/html -type f -exec chmod 0640 {} \; diff --git a/examples/prestashop/cleanup-kubernetes.sh b/examples/prestashop/cleanup-kubernetes.sh index faf0d1e07..6b705fb60 100755 --- a/examples/prestashop/cleanup-kubernetes.sh +++ b/examples/prestashop/cleanup-kubernetes.sh @@ -1,9 +1,4 @@ #!/bin/bash -if [ $(id -u) -ne 0 ] ; then - echo "❌ Run me as root" - exit 1 -fi - helm delete prestashop -kubectl delete pvc data-prestashop-mariadb-0 \ No newline at end of file +kubectl delete pvc data-prestashop-mariadb-0 diff --git a/examples/prestashop/docker-compose.yml b/examples/prestashop/docker-compose.yml index 6a7119581..cba075c24 100644 --- a/examples/prestashop/docker-compose.yml +++ b/examples/prestashop/docker-compose.yml @@ -1,8 +1,11 @@ version: "3" +x-bunkerweb-env: &bunkerweb-env + DATABASE_URI: "mariadb+pymysql://${PRESTASHOP_USER:-user}:${PRESTASHOP_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}" + services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 
@@ -13,20 +16,50 @@ services: # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data + - bw-data:/data environment: - - SERVER_NAME=www.example.com # replace with your domain - - SERVE_FILES=no - - DISABLE_DEFAULT_SERVER=yes - - AUTO_LETS_ENCRYPT=yes - - USE_CLIENT_CACHE=yes - - USE_GZIP=yes - - MAX_CLIENT_SIZE=50m - - USE_REVERSE_PROXY=yes - - REVERSE_PROXY_URL=/ - - REVERSE_PROXY_HOST=http://myps - - LIMIT_REQ_URL_1=/install/index.php - - LIMIT_REQ_RATE_1=8r/s + <<: *bunkerweb-env + SERVER_NAME: "www.example.com" # replace with your domain + API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24" + SERVE_FILES: "no" + DISABLE_DEFAULT_SERVER: "yes" + AUTO_LETS_ENCRYPT: "yes" + USE_CLIENT_CACHE: "yes" + USE_GZIP: "yes" + MAX_CLIENT_SIZE: "50m" + USE_REVERSE_PROXY: "yes" + REVERSE_PROXY_URL: "/" + REVERSE_PROXY_HOST: "http://myps" + # Onces the installation is done, you can remove these lines + LIMIT_REQ_URL_1: "/install/index.php" + LIMIT_REQ_RATE_1: "8r/s" + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container + networks: + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + <<: *bunkerweb-env + DOCKER_HOST: "tcp://docker-proxy:2375" + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker myps: image: prestashop/prestashop:1.7 
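Review bot: `API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"` in examples/prestashop/docker-compose.yml trusts the whole `bw-universe` subnet, and the last hunk of this file attaches `mydb` to `bw-universe` as well, so the database container ends up inside the range that, going by the setting name, is allowed to call the BunkerWeb API. If `mydb` is on that network only so `mybunker` and `bw-scheduler` can reach the database, a dedicated network shared by those three services would keep the whitelisted range to the two BunkerWeb containers. At minimum add a comment such as `# every container on bw-universe is inside the API whitelist; keep application services off this network`. The redmine example has the same layout. The comment added above `LIMIT_REQ_URL_1` should read `# Once the installation is done, you can remove these lines`.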
@@ -34,24 +67,37 @@ services: - ./ps-data:/var/www/html environment: - DB_SERVER=mydb - - DB_USER=user - - DB_PASSWD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) + - DB_USER=${PRESTASHOP_USER:-user} + - DB_PASSWD=${PRESTASHOP_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD) - DB_PREFIX=prefix_ # replace with a random prefix (good security practice) - - DB_NAME=prestashop + - DB_NAME=${PRESTASHOP_DATABASE:-prestashop} - PS_ENABLE_SSL=1 - ADMIN_MAIL=admin@example.com # change to the prestashop admin email - ADMIN_PASSWD=changeme # change to the prestashop admin password - PS_FOLDER_ADMIN=administration # change to the prestashop admin folder + networks: + - bw-services mydb: image: mariadb volumes: - - ./db-data:/var/lib/mysql + - db-data:/var/lib/mysql environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - - MYSQL_DATABASE=prestashop - - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match DB_PASSWD) + MARIADB_RANDOM_ROOT_PASSWORD: "yes" + entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${PRESTASHOP_USER:-user}\"; CREATE USER \"${PRESTASHOP_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${PRESTASHOP_DATABASE:-prestashop}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${PRESTASHOP_DATABASE:-prestashop}.* TO \"${PRESTASHOP_USER:-user}\"@\"%\" IDENTIFIED BY \"${PRESTASHOP_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${PRESTASHOP_USER:-user}\"@\"%\" IDENTIFIED BY \"${PRESTASHOP_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci" + networks: + - bw-universe + - bw-services volumes: - bw_data: + bw-data: + db-data: + +networks: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + 
net-docker: diff --git a/examples/prestashop/setup-kubernetes.sh b/examples/prestashop/setup-kubernetes.sh index 52856a84c..02ab3a899 100755 --- a/examples/prestashop/setup-kubernetes.sh +++ b/examples/prestashop/setup-kubernetes.sh @@ -1,9 +1,4 @@ #!/bin/bash -if [ $(id -u) -ne 0 ] ; then - echo "❌ Run me as root" - exit 1 -fi - helm repo add bitnami https://charts.bitnami.com/bitnami -helm install -f prestashop-chart-values.yml prestashop bitnami/prestashop \ No newline at end of file +helm install -f prestashop-chart-values.yml prestashop bitnami/prestashop diff --git a/examples/prestashop/tests.json b/examples/prestashop/tests.json index b1cf243be..926584893 100644 --- a/examples/prestashop/tests.json +++ b/examples/prestashop/tests.json @@ -2,7 +2,7 @@ "name": "prestashop", "kinds": ["docker", "autoconf", "swarm", "kubernetes"], "timeout": 180, - "delay": 120, + "delay": 180, "tests": [ { "type": "string", diff --git a/examples/proxy-protocol/docker-compose.yml b/examples/proxy-protocol/docker-compose.yml index 3ef3e2c38..b078ec530 100644 --- a/examples/proxy-protocol/docker-compose.yml +++ b/examples/proxy-protocol/docker-compose.yml @@ -2,7 +2,7 @@ version: "3" services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 # ⚠️ read this if you use local folders for volumes ⚠️ # bunkerweb runs as an unprivileged user with UID/GID 101 # don't forget to edit the permissions of the files and folders accordingly @@ -10,9 +10,10 @@ services: # or for an existing one : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data + - bw-data:/data environment: - SERVER_NAME=www.example.com # replace with your domains + - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 - SERVE_FILES=no - DISABLE_DEFAULT_SERVER=yes - AUTO_LETS_ENCRYPT=yes 
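Review bot: The `mydb` entrypoint added in examples/prestashop/docker-compose.yml (hunk `@@ -34,24 +67,37 @@`) creates a single account, valid from any host (`@"%"`), grants it ALL PRIVILEGES on both the prestashop and the bunkerweb database, and `DATABASE_URI` reuses those PrestaShop credentials, so a leak of the shop's database login also exposes whatever BunkerWeb stores in its own database. A second account limited to `${BUNKERWEB_DATABASE:-bunkerweb}.*` and used in `DATABASE_URI` would separate the two. The password falls back to `secret` when `PRESTASHOP_PASSWORD` is unset and is written in clear text to `/docker-entrypoint-initdb.d/init.sql`; Compose's `${PRESTASHOP_PASSWORD:?set PRESTASHOP_PASSWORD in .env}` form would fail fast instead, if the test harness can supply a value. The `DB_PASSWD` comment still says `must match MYSQL_PASSWORD`, a variable this hunk removes; `# must match the password used in the mydb init SQL` would be accurate. The redmine hunk `@@ -32,19 +62,32 @@` repeats the same pattern with the `REDMINE_*` variables.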
@@ -26,9 +27,33 @@ services: - USE_REAL_IP=yes - REAL_IP_FROM=10.10.10.0/24 - REAL_IP_HEADER=proxy_protocol + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container networks: - - net_proxy - - net_apps + - net-proxy + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker myproxy: image: haproxy @@ -38,20 +63,26 @@ services: volumes: - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro networks: - - net_proxy + - net-proxy myapp: image: tutum/hello-world networks: - - net_apps + - bw-services volumes: - bw_data: + bw-data: networks: - net_proxy: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + net-docker: + net-proxy: ipam: driver: default config: - subnet: 10.10.10.0/24 - net_apps: diff --git a/examples/radarr/docker-compose.yml b/examples/radarr/docker-compose.yml index bbb217bee..16da1b1d1 100644 --- a/examples/radarr/docker-compose.yml +++ b/examples/radarr/docker-compose.yml @@ -2,7 +2,7 @@ version: "3.5" services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 @@ -13,9 +13,10 @@ services: # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data + - bw-data:/data environment: - SERVER_NAME=www.example.com # replace with your domain + - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 - AUTO_LETS_ENCRYPT=yes - DISABLE_DEFAULT_SERVER=yes - USE_CLIENT_CACHE=yes 
@@ -34,6 +35,32 @@ services: # Increase request rate for API endpoints - LIMIT_REQ_URL_1=^/api/ - LIMIT_REQ_RATE_1=10r/s + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container + networks: + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker radarr: image: lscr.io/linuxserver/radarr:latest @@ -46,6 +73,17 @@ services: - ./config:/config - ./movies:/movies #optional - ./downloads:/downloads #optional + networks: + - bw-services volumes: - bw_data: + bw-data: + +networks: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + net-docker: diff --git a/examples/redmine/cleanup-kubernetes.sh b/examples/redmine/cleanup-kubernetes.sh index 8c0c75822..5db772d6f 100755 --- a/examples/redmine/cleanup-kubernetes.sh +++ b/examples/redmine/cleanup-kubernetes.sh @@ -1,10 +1,5 @@ #!/bin/bash -if [ $(id -u) -ne 0 ] ; then - echo "❌ Run me as root" - exit 1 -fi - helm delete redmine kubectl delete pvc data-redmine-mariadb-0 -kubectl delete pvc data-redmine-postgresql-0 \ No newline at end of file +kubectl delete pvc data-redmine-postgresql-0 diff --git a/examples/redmine/docker-compose.yml b/examples/redmine/docker-compose.yml index a07bda2f8..4cfb26778 100644 --- a/examples/redmine/docker-compose.yml +++ b/examples/redmine/docker-compose.yml 
@@ -1,8 +1,11 @@ version: "3" +x-bunkerweb-env: &bunkerweb-env + DATABASE_URI: "mariadb+pymysql://${REDMINE_USER:-user}:${REDMINE_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}" + services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 @@ -13,9 +16,10 @@ services: # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data + - bw-data:/data environment: - SERVER_NAME=www.example.com # replace with your domain + - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 - SERVE_FILES=no - DISABLE_DEFAULT_SERVER=yes - AUTO_LETS_ENCRYPT=yes @@ -24,6 +28,32 @@ services: - USE_REVERSE_PROXY=yes - REVERSE_PROXY_URL=/ - REVERSE_PROXY_HOST=http://myredmine:3000 + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container + networks: + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker myredmine: image: redmine 
@@ -32,19 +62,32 @@ services: - ./redmine-data:/usr/src/redmine/files environment: - REDMINE_DB_MYSQL=mydb - - REDMINE_DB_DATABASE=redminedb - - REDMINE_DB_USERNAME=user - - REDMINE_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) + - REDMINE_DB_DATABASE=${REDMINE_DATABASE:-redminedb} + - REDMINE_DB_USERNAME=${REDMINE_USER:-user} + - REDMINE_DB_PASSWORD=${REDMINE_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD) + networks: + - bw-services mydb: - image: mysql + image: mariadb volumes: - - ./db-data:/var/lib/mysql + - db-data:/var/lib/mysql environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - - MYSQL_DATABASE=redminedb - - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match REDMINE_DB_PASSWORD) + MARIADB_RANDOM_ROOT_PASSWORD: "yes" + entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${REDMINE_USER:-user}\"; CREATE USER \"${REDMINE_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${REDMINE_DATABASE:-redminedb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${REDMINE_DATABASE:-redminedb}.* TO \"${REDMINE_USER:-user}\"@\"%\" IDENTIFIED BY \"${REDMINE_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${REDMINE_USER:-user}\"@\"%\" IDENTIFIED BY \"${REDMINE_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci" + networks: + - bw-universe + - bw-services volumes: - bw_data: + bw-data: + db-data: + +networks: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + net-docker: diff --git a/examples/redmine/redmine-chart-values.yml b/examples/redmine/redmine-chart-values.yml index 1141e8a0b..ce82ab3ed 100644 --- a/examples/redmine/redmine-chart-values.yml 
+++ b/examples/redmine/redmine-chart-values.yml @@ -2,3 +2,5 @@ redmineUsername: "user" redminePassword: "changeme42" redmineEmail: "user@example.com" redmineLanguage: "en" +service: + type: ClusterIP diff --git a/examples/redmine/setup-kubernetes.sh b/examples/redmine/setup-kubernetes.sh index 61d399161..40ab8802f 100755 --- a/examples/redmine/setup-kubernetes.sh +++ b/examples/redmine/setup-kubernetes.sh @@ -1,9 +1,4 @@ #!/bin/bash -if [ $(id -u) -ne 0 ] ; then - echo "❌ Run me as root" - exit 1 -fi - helm repo add bitnami https://charts.bitnami.com/bitnami -helm install -f redmine-chart-values.yml redmine bitnami/redmine \ No newline at end of file +helm install -f redmine-chart-values.yml redmine bitnami/redmine diff --git a/examples/redmine/tests.json b/examples/redmine/tests.json index c4fd2a443..bd20684e3 100644 --- a/examples/redmine/tests.json +++ b/examples/redmine/tests.json @@ -2,7 +2,7 @@ "name": "redmine", "kinds": ["docker", "autoconf", "swarm", "kubernetes"], "timeout": 120, - "delay": 60, + "delay": 180, "tests": [ { "type": "string", diff --git a/examples/reverse-proxy-multisite/docker-compose.yml b/examples/reverse-proxy-multisite/docker-compose.yml index 96a646dee..2fcd71ad4 100644 --- a/examples/reverse-proxy-multisite/docker-compose.yml +++ b/examples/reverse-proxy-multisite/docker-compose.yml @@ -2,7 +2,7 @@ version: "3" services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 @@ -13,10 +13,11 @@ services: # or for an existing one : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data + - bw-data:/data environment: - MULTISITE=yes - SERVER_NAME=app1.example.com app2.example.com # replace with your domains + - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 - SERVE_FILES=no - DISABLE_DEFAULT_SERVER=yes - AUTO_LETS_ENCRYPT=yes 
@@ -27,23 +28,53 @@ services: - app1.example.com_REVERSE_PROXY_HOST=http://app1 - app2.example.com_REVERSE_PROXY_URL=/ - app2.example.com_REVERSE_PROXY_HOST=http://app2 + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container networks: - - net_app1 - - net_app2 + - bw-universe + - net-app1 + - net-app2 + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker app1: image: tutum/hello-world networks: - - net_app1 + - net-app1 app2: image: tutum/hello-world networks: - - net_app2 + - net-app2 volumes: - bw_data: + bw-data: networks: - net_app1: - net_app2: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + net-docker: + net-app1: + net-app2: diff --git a/examples/reverse-proxy-singlesite/docker-compose.yml b/examples/reverse-proxy-singlesite/docker-compose.yml index 2cd890991..d44622448 100644 --- a/examples/reverse-proxy-singlesite/docker-compose.yml +++ b/examples/reverse-proxy-singlesite/docker-compose.yml @@ -2,7 +2,7 @@ version: "3" services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 @@ -13,9 +13,10 @@ services: # or for an existing one : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data + - bw-data:/data environment: - SERVER_NAME=www.example.com # replace with your domain + - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 - SERVE_FILES=no - DISABLE_DEFAULT_SERVER=yes - AUTO_LETS_ENCRYPT=yes 
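Review bot: The new `docker-proxy` service pulls `tecnativa/docker-socket-proxy` with no tag while the BunkerWeb images in the same hunk are pinned to `1.5.0`; the container that holds the Docker socket is the one whose version should move least, so pin it to a tag or digest (`image: tecnativa/docker-socket-proxy:<pinned-tag>`). `net-docker` also carries the Docker API unauthenticated on `tcp://docker-proxy:2375`, and `CONTAINERS=1` lets anything attached to that network list and inspect containers, which includes their environment variables. Declaring the network with `internal: true` under `net-docker:`, plus a comment that only the scheduler may join it, keeps that surface small; I have not checked whether the scheduler needs anything else over that network. The same service definition is repeated in the singlesite, websocket, syslog, tomcat, tor-hidden-service, web-ui and wordpress hunks.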
@@ -32,12 +33,51 @@ services: location ~ ^/(app1|app2)$$ { rewrite ^(.*)$$ $$1/ permanent; } + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container + networks: + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker app1: image: tutum/hello-world + networks: + - bw-services app2: image: tutum/hello-world + networks: + - bw-services volumes: - bw_data: + bw-data: + +networks: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + net-docker: diff --git a/examples/reverse-proxy-websocket/docker-compose.yml b/examples/reverse-proxy-websocket/docker-compose.yml index 3d9343162..0ffbad7a8 100644 --- a/examples/reverse-proxy-websocket/docker-compose.yml +++ b/examples/reverse-proxy-websocket/docker-compose.yml @@ -2,7 +2,7 @@ version: "3" services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 @@ -13,9 +13,10 @@ services: # or for an existing one : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data + - bw-data:/data environment: - SERVER_NAME=www.example.com # replace with your domain + - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 - SERVE_FILES=no - DISABLE_DEFAULT_SERVER=yes - AUTO_LETS_ENCRYPT=yes 
@@ -25,9 +26,46 @@ services: - REVERSE_PROXY_URL=/ws/ - REVERSE_PROXY_HOST=http://myws:8010/ - REVERSE_PROXY_WS=yes + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container + networks: + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker myws: image: ksdn117/web-socket-test + networks: + - bw-services volumes: - bw_data: + bw-data: + +networks: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + net-docker: diff --git a/examples/reverse-proxy-websocket/tests.json b/examples/reverse-proxy-websocket/tests.json new file mode 100644 index 000000000..9262bc175 --- /dev/null +++ b/examples/reverse-proxy-websocket/tests.json @@ -0,0 +1,17 @@ +{ + "name": "reverse-proxy-websocket", + "kinds": ["docker"], + "timeout": 60, + "tests": [ + { + "type": "string-ws", + "url": "https://www.example.com/app1", + "string": "hello" + }, + { + "type": "string", + "url": "https://www.example.com/app2", + "string": "hello" + } + ] +} diff --git a/examples/reverse-proxy-websocket/tests.json.temp b/examples/reverse-proxy-websocket/tests.json.temp deleted file mode 100644 index 5bc7bd2ab..000000000 --- a/examples/reverse-proxy-websocket/tests.json.temp +++ /dev/null @@ -1,19 +0,0 @@ -{ - "name": "reverse-proxy-websocket", - "kinds": [ - "docker" - ], - "timeout": 60, - "tests": [ - { - "type": "string-ws", - "url": "https://www.example.com/app1", - "string": "hello" - }, - { - "type": "string", - "url": "https://www.example.com/app2", - "string": "hello" - }, - ] -} \ No newline at end of file 
diff --git a/examples/syslog/docker-compose.yml b/examples/syslog/docker-compose.yml index 117ac6c10..b86042f2c 100644 --- a/examples/syslog/docker-compose.yml +++ b/examples/syslog/docker-compose.yml @@ -2,7 +2,7 @@ version: "3" services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 logging: driver: syslog options: @@ -19,9 +19,10 @@ services: # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data + - bw-data:/data environment: - SERVER_NAME=www.example.com # replace with your domain + - API_WHITELIST_IP=127.0.0.0/8 10.10.10.0/24 - AUTO_LETS_ENCRYPT=yes - DISABLE_DEFAULT_SERVER=yes - USE_CLIENT_CACHE=yes @@ -29,8 +30,36 @@ services: - USE_REVERSE_PROXY=yes - REVERSE_PROXY_URL=/ - REVERSE_PROXY_HOST=http://myapp + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container networks: - - mynet + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + logging: + driver: syslog + options: + syslog-address: "udp://10.10.10.254:514" + depends_on: + - mybunker + - mysyslog + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - bw-data:/data + networks: + - bw-services + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker mysyslog: image: balabit/syslog-ng @@ -39,20 +68,21 @@ services: - ./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf - ./log:/var/log networks: - mynet: + bw-services: ipv4_address: 10.10.10.254 myapp: image: tutum/hello-world networks: - - mynet + - bw-services volumes: - bw_data: + bw-data: networks: - mynet: + bw-services: ipam: driver: default config: - subnet: 10.10.10.0/24 + net-docker: diff --git a/examples/syslog/syslog-ng.conf b/examples/syslog/syslog-ng.conf new file mode 100644 index 000000000..687b3e5a2 
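Review bot: `API_WHITELIST_IP=127.0.0.0/8 10.10.10.0/24` in the second hunk whitelists the whole `bw-services` subnet, and in this file `myapp` and `mysyslog` are attached to that same network, so the proxied application sits inside the range allowed to call BunkerWeb's internal API. The other examples in this patch put `mybunker` and `bw-scheduler` on a separate `bw-universe` network (10.20.30.0/24) and whitelist only that. Doing the same here would keep the backend out of the control plane, while `bw-services` keeps its fixed subnet for the `10.10.10.254` syslog address. The sketch below is untested and touches lines in the third and fourth hunks as well.

```yaml
  mybunker:
    # … unchanged: image, logging, ports, volumes …
    environment:
      - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
      # … unchanged: remaining settings, labels …
    networks:
      - bw-universe
      - bw-services

  bw-scheduler:
    # … unchanged: image, logging, depends_on, environment, volumes …
    networks:
      - bw-universe
      - net-docker

networks:
  bw-universe:
    ipam:
      driver: default
      config:
        - subnet: 10.20.30.0/24
  # … unchanged: bw-services (10.10.10.0/24), net-docker …
```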
--- /dev/null +++ b/examples/syslog/syslog-ng.conf @@ -0,0 +1,15 @@ +# This is a basic configuration file for syslog-ng. +@version: 3.38 +@include "scl.conf" + +log { + source { + udp( + ip("0.0.0.0") + ); + }; + + destination { + file("/var/log/syslog"); + }; +}; \ No newline at end of file diff --git a/examples/tomcat/docker-compose.yml b/examples/tomcat/docker-compose.yml index 46e0a6f51..4d96e68cd 100644 --- a/examples/tomcat/docker-compose.yml +++ b/examples/tomcat/docker-compose.yml @@ -2,7 +2,7 @@ version: "3" services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 @@ -13,9 +13,10 @@ services: # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data + - bw-data:/data environment: - SERVER_NAME=www.example.com # replace with your domain + - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 - DISABLE_DEFAULT_SERVER=yes - AUTO_LETS_ENCRYPT=yes - USE_CLIENT_CACHE=yes @@ -23,11 +24,48 @@ services: - USE_REVERSE_PROXY=yes - REVERSE_PROXY_URL=/ - REVERSE_PROXY_HOST=http://mytomcat:8080/sample/ + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container + networks: + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker mytomcat: image: tomcat volumes: - ./app:/usr/local/tomcat/webapps/ # folder containing war files + networks: + - bw-services volumes: - bw_data: + bw-data: + +networks: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + net-docker: 
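Review bot: The `udp(ip("0.0.0.0"))` source in the new syslog-ng.conf has no filter, so every datagram that reaches the container is appended to `/var/log/syslog`, which the compose file bind-mounts to `./log` on the host; any container on `bw-services` can forge entries or fill that directory. A comment in the file should say that port 514 must stay unpublished and that the log needs rotation, for example `# unauthenticated UDP input: do not publish 514/udp; rotate ./log externally`. `@version: 3.38` also ties the config to one syslog-ng release while the `balabit/syslog-ng` image in the compose file carries no tag, so pinning the image to a matching tag avoids a mismatch on the next pull.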
diff --git a/examples/tor-hidden-service/docker-compose.yml b/examples/tor-hidden-service/docker-compose.yml index b931dd6dd..de6980bfc 100644 --- a/examples/tor-hidden-service/docker-compose.yml +++ b/examples/tor-hidden-service/docker-compose.yml @@ -8,9 +8,11 @@ services: environment: - SERVICE1_TOR_SERVICE_HOSTS=80:mybunker:8080 - SERVICE1_TOR_SERVICE_VERSION=3 + networks: + - bw-universe mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 # ⚠️ read this if you use local folders for volumes ⚠️ # bunkerweb runs as an unprivileged user with UID/GID 101 # don't forget to edit the permissions of the files and folders accordingly @@ -18,8 +20,9 @@ services: # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_cache:/cache + - bw-data:/data environment: + - API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24 # disable common security measures based on IP - USE_BAD_BEHAVIOR=no - USE_DNSBL=no @@ -32,9 +35,46 @@ services: - USE_REVERSE_PROXY=yes - REVERSE_PROXY_URL=/ - REVERSE_PROXY_HOST=http://myapp + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container + networks: + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker myapp: image: tutum/hello-world + networks: + - bw-services volumes: - bw_cache: + bw-data: + +networks: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + net-docker: 
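Review bot: The first hunk attaches the Tor service to `bw-universe`, the subnet that the next hunk whitelists for BunkerWeb's API with `API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24`. That service only needs to reach `mybunker:8080` (`SERVICE1_TOR_SERVICE_HOSTS=80:mybunker:8080`), so it does not have to share the network the scheduler uses to drive the API. A dedicated network keeps it out of the trusted range: `- net-tor` under the Tor service's `networks:`, `- net-tor` added to `mybunker`, and `net-tor:` under the top-level `networks:` (the name is constructed for illustration). The Tor service definition starts outside the hunk.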
diff --git a/examples/tor-hidden-service/web-files/index.php b/examples/tor-hidden-service/web-files/index.php deleted file mode 100644 index e7114da4b..000000000 --- a/examples/tor-hidden-service/web-files/index.php +++ /dev/null @@ -1,7 +0,0 @@ - - - diff --git a/examples/tor-hidden-service/web-files/js/script.js b/examples/tor-hidden-service/web-files/js/script.js deleted file mode 100644 index 6df067c05..000000000 --- a/examples/tor-hidden-service/web-files/js/script.js +++ /dev/null @@ -1 +0,0 @@ -alert("JavaScript is working!"); diff --git a/examples/web-ui/docker-compose.yml b/examples/web-ui/docker-compose.yml index 9045bbe45..a4ac9741a 100644 --- a/examples/web-ui/docker-compose.yml +++ b/examples/web-ui/docker-compose.yml @@ -1,8 +1,8 @@ -version: "3" +version: "3.5" services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 @@ -13,10 +13,9 @@ services: # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder # more info at https://docs.bunkerweb.io volumes: - - bw_data:/data - - bw_config:/etc/nginx + - bw-data:/data environment: - - SERVER_NAME=www.example.com + - SERVER_NAME=www.example.com # replace with your domain - MULTISITE=yes - AUTO_LETS_ENCRYPT=yes - DISABLE_DEFAULT_SERVER=yes @@ -27,7 +26,7 @@ services: - www.example.com_SERVE_FILES=no - www.example.com_USE_REVERSE_PROXY=yes - www.example.com_REVERSE_PROXY_URL=/changeme # replace with another url - - www.example.com_REVERSE_PROXY_HOST=http://myui:7000 + - www.example.com_REVERSE_PROXY_HOST=http://bw-ui:7000 - www.example.com_REVERSE_PROXY_HEADERS=X-Script-Name /changeme # replace with another url - www.example.com_REVERSE_PROXY_INTERCEPT_ERRORS=no - www.example.com_LIMIT_REQ_URL=/changeme/plugins/upload # replace with another url 
@@ -35,45 +34,57 @@ services: - www.example.com_LIMIT_REQ_URL_1=/changeme/logs # replace with another url - www.example.com_LIMIT_REQ_RATE_1=4r/s labels: - - "bunkerweb.UI" + - "bunkerweb.INSTANCE" networks: - - net_ui - - net_svc + - bw-universe + - bw-services - myui: - image: bunkerity/bunkerweb-ui:1.4.3 + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 depends_on: - - myuiproxy + - mybunker + environment: + - DOCKER_HOST=tcp://docker-proxy:2375 volumes: - - bw_data:/data - - bw_config:/etc/nginx + - bw-data:/data + networks: + - bw-universe + - net-docker + + bw-ui: + image: bunkerity/bunkerweb-ui:1.5.0 + depends_on: + - docker-proxy environment: - ABSOLUTE_URI=https://www.example.com/changeme/ # replace with another url - - DOCKER_HOST=tcp://myuiproxy:2375 + - DOCKER_HOST=tcp://docker-proxy:2375 - ADMIN_USERNAME=admin - ADMIN_PASSWORD=changeme # replace with a stronger password + volumes: + - bw-data:/data networks: - - net_ui - - net_docker + - bw-universe + - net-docker - myuiproxy: + docker-proxy: image: tecnativa/docker-socket-proxy volumes: - /var/run/docker.sock:/var/run/docker.sock:ro environment: - CONTAINERS=1 networks: - - net_docker + - net-docker volumes: - bw_data: - bw_config: + bw-data: + networks: - net_ui: + bw-universe: + name: bw-universe ipam: driver: default config: - subnet: 10.20.30.0/24 - net_docker: - net_svc: + bw-services: + net-docker: diff --git a/examples/wordpress/cleanup-kubernetes.sh b/examples/wordpress/cleanup-kubernetes.sh index 3f0761178..511e48640 100755 --- a/examples/wordpress/cleanup-kubernetes.sh +++ b/examples/wordpress/cleanup-kubernetes.sh @@ -1,9 +1,4 @@ #!/bin/bash -if [ $(id -u) -ne 0 ] ; then - echo "❌ Run me as root" - exit 1 -fi - helm delete wordpress -kubectl delete pvc data-wordpress-mariadb-0 \ No newline at end of file +kubectl delete pvc data-wordpress-mariadb-0 diff --git a/examples/wordpress/docker-compose.yml b/examples/wordpress/docker-compose.yml index f2b5da38c..78b74eb9d 100644 
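Review bot: `bw-ui` keeps the literal `ADMIN_USERNAME=admin` / `ADMIN_PASSWORD=changeme` while the database examples in this patch moved their credentials to `.env` substitution; the UI is published at `https://www.example.com/changeme/` and, after this hunk, also sits on `bw-universe` and `net-docker`. Reading the password from the environment and refusing to start without it is a one-line change: `- ADMIN_PASSWORD=${ADMIN_PASSWORD:?set ADMIN_PASSWORD in .env}`. The hunk also gives `bw-universe` a fixed `name: bw-universe`, which drops the project prefix; the other examples do not set it, so a comment saying why this network must be shared across projects would help.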
--- a/examples/wordpress/docker-compose.yml +++ b/examples/wordpress/docker-compose.yml @@ -1,8 +1,12 @@ version: "3" +x-bunkerweb-env: + &bunkerweb-env + DATABASE_URI: "mariadb+pymysql://${WORDPRESS_USER:-user}:${WORDPRESS_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}" + services: mybunker: - image: bunkerity/bunkerweb:1.4.3 + image: bunkerity/bunkerweb:1.5.0 ports: - 80:8080 - 443:8443 
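Review bot: `DATABASE_URI` in the new `x-bunkerweb-env` anchor makes BunkerWeb log in with the WordPress account (`WORDPRESS_USER` / `WORDPRESS_PASSWORD`), so the application behind the WAF and the WAF's own database share one credential. The `mydb` entrypoint later in this file grants that account ALL PRIVILEGES on both schemas, which means a compromise of the WordPress container also yields write access to the BunkerWeb database. A separate account limited to the `${BUNKERWEB_DATABASE:-bunkerweb}` schema would keep the two apart; the grants in the redmine example suggest the same sharing there. The password is also placed in the URI unescaped, so a value containing `@`, `:` or `/` needs percent-encoding, and a comment beside the key such as `# password must be URL-encoded` would save a confusing connection failure.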
@@ -12,26 +16,47 @@ services: # example if you need to create a directory : mkdir folder && chown root:101 folder && chmod 770 folder # another example for existing folder : chown -R root:101 folder && chmod -R 770 folder volumes: - - bw_data:/data + - bw-data:/data environment: - - SERVER_NAME=www.example.com # replace with your domain - - AUTO_LETS_ENCRYPT=yes - - DISABLE_DEFAULT_SERVER=yes - - MAX_CLIENT_SIZE=50m - - USE_CLIENT_CACHE=yes - - USE_GZIP=yes - - USE_REVERSE_PROXY=yes - - REVERSE_PROXY_URL=/ - - REVERSE_PROXY_HOST=http://mywp - - | - CUSTOM_CONF_MODSEC_CRS_wordpress= - SecAction \ - "id:900130,\ - phase:1,\ - nolog,\ - pass,\ - t:none,\ - setvar:tx.crs_exclusions_wordpress=1" + <<: *bunkerweb-env + SERVER_NAME: "www.example.com" # replace with your domain + API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24" + AUTO_LETS_ENCRYPT: "yes" + DISABLE_DEFAULT_SERVER: "yes" + MAX_CLIENT_SIZE: "50m" + USE_CLIENT_CACHE: "yes" + USE_GZIP: "yes" + USE_REVERSE_PROXY: "yes" + REVERSE_PROXY_URL: "/" + REVERSE_PROXY_HOST: "http://mywp" + CUSTOM_CONF_MODSEC_CRS_wordpress: 'SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_wordpress=1"' + labels: + - "bunkerweb.INSTANCE" # required for the scheduler to recognize the container + networks: + - bw-universe + - bw-services + + bw-scheduler: + image: bunkerity/bunkerweb-scheduler:1.5.0 + depends_on: + - mybunker + environment: + <<: *bunkerweb-env + DOCKER_HOST: "tcp://docker-proxy:2375" + volumes: + - bw-data:/data + networks: + - bw-universe + - net-docker + + docker-proxy: + image: tecnativa/docker-socket-proxy + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - CONTAINERS=1 + networks: + - net-docker mywp: image: wordpress:5-apache 
@@ -39,20 +64,34 @@ services: - ./wp-data:/var/www/html environment: - WORDPRESS_DB_HOST=mydb - - WORDPRESS_DB_NAME=wp - - WORDPRESS_DB_USER=user - - WORDPRESS_DB_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD) + - WORDPRESS_DB_NAME=${WORDPRESS_DATABASE:-wp} + - WORDPRESS_DB_USER=${WORDPRESS_USER:-user} + - WORDPRESS_DB_PASSWORD=${WORDPRESS_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD) - WORDPRESS_TABLE_PREFIX=prefix_ # best practice : replace with a random prefix + networks: + - bw-services mydb: image: mariadb volumes: - - ./db-data:/var/lib/mysql + - db-data:/var/lib/mysql environment: - - MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password - - MYSQL_DATABASE=wp - - MYSQL_USER=user - - MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match WORDPRESS_DB_PASSWORD) + MARIADB_RANDOM_ROOT_PASSWORD: "yes" + entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${WORDPRESS_USER:-user}\"; CREATE USER \"${WORDPRESS_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${WORDPRESS_DATABASE:-wp}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${WORDPRESS_DATABASE:-wp}.* TO \"${WORDPRESS_USER:-user}\"@\"%\" IDENTIFIED BY \"${WORDPRESS_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${WORDPRESS_USER:-user}\"@\"%\" IDENTIFIED BY \"${WORDPRESS_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci" + networks: + - bw-universe + - bw-services volumes: - bw_data: + bw-data: + db-data: + + +networks: + bw-universe: + ipam: + driver: default + config: + - subnet: 10.20.30.0/24 + bw-services: + net-docker: diff --git a/examples/wordpress/setup-kubernetes.sh b/examples/wordpress/setup-kubernetes.sh index 8d13aa13f..a2c88a775 100755 --- a/examples/wordpress/setup-kubernetes.sh 
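Review bot: The `entrypoint` override on `mydb` builds `init.sql` by interpolating Compose variables straight into SQL, so the database names are unquoted identifiers and a password containing `"` or `'` breaks either the shell quoting or the statement. As far as I know the official MariaDB entrypoint runs `/docker-entrypoint-initdb.d` scripts only when the data directory is empty, so with the persistent `db-data` volume a later change of `WORDPRESS_PASSWORD` in `.env` will not reach the existing account while `mywp` starts using the new value. A comment above the entrypoint would cover both: `# init.sql runs only on first start of an empty db-data volume; values must not contain quotes`. The redmine `mydb` hunk earlier in this patch uses the same construction.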
+++ b/examples/wordpress/setup-kubernetes.sh @@ -1,9 +1,4 @@ #!/bin/bash -if [ $(id -u) -ne 0 ] ; then - echo "❌ Run me as root" - exit 1 -fi - helm repo add wordpress https://charts.bitnami.com/bitnami -helm install -f wordpress-chart-values.yml wordpress bitnami/wordpress \ No newline at end of file +helm install -f wordpress-chart-values.yml wordpress bitnami/wordpress
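Review bot: The script registers the chart repository under the alias `wordpress` (`helm repo add wordpress https://charts.bitnami.com/bitnami`) but the install line this hunk rewrites references `bitnami/wordpress`, so on a machine where no `bitnami` repo was added beforehand the install cannot resolve the chart. The redmine script in this patch uses the matching alias; the same form here would be `helm repo add bitnami https://charts.bitnami.com/bitnami`.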